NimMalware
Malware compiled with the Nim programming language. It uses winim 5.7.48 for Windows API access, the puppy 4.9.4 HTTP client (with allowAnyHttpsCertificate, an SSL authentication bypass), and zippy 4.9.8 for compression. Compiled with MinGW GCC 9.3-win32. The PE has 18 sections and uses TLS for anti-analysis.
Threat Profile
Type: Backdoor
Programming Language: Nim
C2 Protocol: HTTP
First Seen: 2025
Targets: Global
Purpose / Capabilities
- Backdoor/HTTP C2
No C2 servers have been identified for this family yet.
Research Reports (1)
NimMalware 3de6a48a -- winim5.7.48 puppy4.9.4 allowAnyHttpsCertificate zippy4.9.8 WinHttpSendRequest mingw-gcc-9.3 sinc-shellapi-windef 18-sections TLS | High
NimMalware 3de6a48a PE32 x86 811KB MinGW GCC 9.3. winim 5.7.48 + puppy 4.9.4 (allowAnyHttpsCertificate) + zippy. WinHttpSendRequest. 18 section TLS.